Processing of personal data

What regulates processing of your personal data?

The General Data Protection Regulation (GDPR, 2016/679)
regulates how we are allowed to process your personal data. This
regulation applies throughout the EU from 25th May
2018.

As a result the Swedish data protection law (PuL,
Personuppgiftslagen) has been revoked and replaced by a new Swedish
data protection law which regulates those parts of GDPR which each
member state can regulate itself.

Rights of public access

As Öresundskraft is a company which is covered by the laws which
regulate the rights of public access to public sector companies,
municipalities and government bodies entails that we are required
to provide access to documents which fall within this legislation.
Information or data (eg. In the form of e-mail) that you provide us
can therefore become the subject of a public access request, and we
can be required to provide these to the party requesting
access.

What is personal data?

It is all data which can identify an individual person. Both
direct and indirect information can in combination lead to being
able to identify an individual person, such as IP-Address, user ID,
direct telephone number, mobile telephone number, photos, films and
recorded telephone calls.

What is processing of personal data?

Processing of personal data is any operation or set of
operations performed upon personal data regardless of whether it is
automated or not. You can presume that everything that is processed
in a IT-system or database counts as processing such as collection,
registration, printing, transferring and storing.

Not only are traditional IT systems and databases count as
processing but also processing which occurs in for example office
programs such as word or excel, as well as pdf files counts as
processing.

Who processes your personal data?

The controller is the company (legal entity) who determines the
purpose and means of processing of personal data.

The main Controller is Öresundskraft AB (company number:
556089-7851)

If you are a customer to our electricity or gas retail company
then the controller is Öresundskraft Marknad AB (company number:
556519-7679)

If we provide you with district heating then the controller is
Öresundskraft Företagsmarknad AB (company number: 556573-6906).

Your personal data can also be processed by our partners who
process your personal data on our behalf in order to fulfil our
contract with you, or communicate with you in relation to
marketing.

In the event that credit history check is required (which will
be stipulated in the contract terms or offer which you receive from
us) the check will be made with Credit Safe AB.

We do not sell your personal data to any third party.

What personal data do we process?

Öresundskraft processes and registers personal information which
you provide to us.

We normally need certain personal data in order to enter into a
contract with you, these include name, person number (Sweden's
national identification number), telephone number, e-mail address,
postal address, residential address.

Information regarding which categories of personal data which we
process are registered in our records of processing activities. All
processing is performed in accordance with the current data
protection regulations.

In order to keep your personal data current and up to date it
will be necessary for us to update and complete your personal data
with help from official and private registers such as updating
addresses with help from the official state address register
(SPAR).

Your personal data is used in order to administrate the services
or products that we have contracted with you, marketing of
Öresundskraft's products or services, profiling (se marketing and
profiling below), evaluation and quality control (including system
update testing), for statistics (such as statistic that we are
required to provide to the Central Statistics Bureau). If you
contact us via our communication channels (such as chatt, website,
social media) then your personal details and any other information
which you provide can be processed through it being recorded or
stored.

Marketing and profiling

If you haven't barred marketing contact then we may process your
personal data in order to market our own products and services or
to provide you with customised offers in relation to products or
services offered by Öresundskraft Group. These can be based upon
the current products or services you have with us, changes in the
products or services you have with us as well as how you use our
communication channels. We may contact you in marketing activities
via e-mail if you haven't expressly declined marketing contact via
e-mail for example via unsubscribing.

Profiling your personal data occurs in order to provide you with
better information regarding for example energy usage and offers
regarding our products or services. Your personal data can be
included in automated profiling where a certain profile is required
to receive a certain offer. We do not apply profiling which could
entail that you are denied our products or services.

In the event that a credit check is necessary in order to enter
into a contract with us (as stated in contract terms or the offer
you have received) then we will make a decision based upon an
individual assessment of your credit worthiness and our ability to
enter into a contract with you based upon that assessment. We use
Credit Safe AB to provide a credit worthiness report.

How long will we process your personal data?

Öresundskraft will save your personal data so long as you are
our customer. Thereafter we will need to save certain personal data
in order to fulfil legal requirement, such as accounting laws and
regulations or archive regulations. When the legal requirement is
no longer applicable we will be able to delete or anonymise (so it
cannot be connected to you any longer) your personal data. Please
note however that certain personal data is necessary in order for
us to be able to fulfil our contractual obligations to you or other
legal requirements such as collected meter readings, billing
information, debited contracts. Such information cannot be
restricted or deleted.

Deletion or partial removal (thinning out) of information will
be in accordance with our plan for deletion of information /
documentation plan in accordance with the type of personal
information or document. Contact our Data Protection Officer in
order to receive a copy of this.

Your rights in relation to personal data processing

You have the right to obtain information regarding which
personal data about you that is processed in Öresundskraft's
business (a subject access request).

If you wish to know what information we process which relates to
you then you can send a request in writing, which needs to be
signed by you, to the address provided below under "contact". We
shall provide you with the details within a month of receiving your
request, under certain circumstances (such as the number of
received requests) this can be extended by a further two months. If
this is the case we will inform you of this within a month.

If you do not wish us to use your personal data for marketing or
profiling purposes, in order to send you offers and information
regarding our products, then you can send your request to the same
address under "contact" below. If you consider any details which we
process about you to be incorrect or unrepresentative then please
contact us immediately.

Apart from the right to a subject access request and to have
data corrected you also have the right to object to your data being
processed by us or demand that your personal data be deleted or
that usage is restricted (that the processing should be restricted
to a certain purpose) and that the details you have provided us
with should be provided to you in a machine readable format
(otherwise called data portability).

You also have the right to recall any consent which you have
provided to us. You can recall this consent by contacting us via
the address below. Our processing will cease from the date we
receive your retraction and it has been registered with us.

You have the right in accordance with the Data Protection
Regulations to make a complaint regarding the processing of your
personal data to the Swedish data protection authority
"Datainspektionen". You can contact them via datainspektionen@datainspektionen.se